On Monday 28 January 2013 08:35 PM, Jan-Oliver Wagner wrote:
On Freitag, 25. Januar 2013, Sebastien Aucouturier wrote:
Overview tell the facts when vulnerability is detect:
script_tag(name:"overview", value:"The remote host contains a CGI
which
is vulnerable to a cross-site scripting issue.");
Well, this is basically redundant with<summary+"yes">.
Should be, but we got plugins, that now does not let us say that, as
example :
gb_winftp_serv_bof_vuln.nasl :
summary is : Check for the version of WinFTP Server
when in overview part of field description we got :
Overview: This host is running WinFTP Server and is prone to Buffer
Overflow vulnerability.
So here : overview is not summary+yes :-(
OK, but I'd say its a bug in the NVT. The summary suggests it is a
_detect script.
I think such situations should be resolved by fixing the NVT.
In many of the vulnerable NVTs within summary "Check for the version of
Application"
is used (summary say what exactly NVT is doing in the coding part ). I
feel its proper in
this case.
In case of detect NVTs summary is "Set KB for the version of Application"
(It will set version only in KB). This also looks proper.
This is what i have understood. Please correct me if am wrong.
-Antu
--
Antu Sanadi | Security Research Analyst
SecPod Technologies Pvt. Ltd | http://www.secpod.com/
1354, 3rd Floor|9th Cross, 80ft Road, 33rd Main,
1st Phase, JP Nagar| Bangalore - 560078 |India
_______________________________________________
Openvas-plugins mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
